This repository has been archived by the owner on Jul 19, 2019. It is now read-only.

🔒 Fix DoS vulnerability in Credit Protocol contract #33

Merged

canterberry
Contributor

#executeUcacTx is an inexpensive and unauthenticated function that increases the transaction counter for a UCAC without actually performing a transaction, up to that UCAC's transaction limit.

A motivated attacker can call this function continuously to perform a denial-of-service (DoS) attack on a UCAC, preventing legitimate transactions using that UCAC from being processed.

Once started, this attack can be maintained indefinitely.

Potential mitigations/effects on a live contract include:

  • An attack on a UCAC may incentivize its stakeholders to unstake their tokens.

  • The fewer tokens staked in a UCAC, the less expensive the attack becomes to perform and maintain.

  • Staking more tokens in the UCAC will increase the transaction limit, thus increasing the cost to perform and maintain the attack.

The best mitigation for this attack, then, for a live contract, would be for token holders to stake enough tokens in the affected UCAC to make the attack too expensive for the attacker to maintain.

This PR mitigates the vulnerability by reducing the visibility of the #executeUcacTx function to private, allowing it to only be called by other functions within the contract.

@canterberry canterberry requested a review from aupiff April 11, 2018 16:41
Contributor

@aupiff aupiff left a comment

Good change, merging.

@aupiff aupiff merged commit d91ba95 into blockmason:master Apr 19, 2018
@canterberry canterberry deleted the security/ucac-dos-vulnerability branch April 24, 2018 20:24
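
A simplified model of the fix described in this PR, added here as an example; it is not the Credit Protocol contract's code. Apart from `executeUcacTx`, every name (the contract, `stake`, `consent`, `issueCredit`, the hourly window and the stake-per-transaction constant) is an assumption made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model for illustration; not the Credit Protocol source.
// Every name except executeUcacTx is hypothetical.
contract UcacRateLimitModel {
    struct Ucac {
        uint256 stakedTokens; // more stake means a higher transaction limit
        uint256 windowStart;  // start of the current counting window
        uint256 txCount;      // transactions counted in that window
    }

    uint256 public constant WINDOW = 1 hours;     // assumed window length
    uint256 public constant TOKENS_PER_TX = 1e18; // assumed stake per allowed tx
    mapping(bytes32 => Ucac) public ucacs;
    mapping(bytes32 => bool) private debtorConsent; // hypothetical authorization
    event CreditIssued(bytes32 indexed ucacId, address creditor, address debtor, uint256 amount);

    // Records stake only; a real contract would also transfer the tokens.
    function stake(bytes32 ucacId, uint256 amount) external {
        ucacs[ucacId].stakedTokens += amount;
    }

    // Debtor agrees to one specific credit record.
    function consent(bytes32 ucacId, address creditor, uint256 amount) external {
        debtorConsent[keccak256(abi.encode(ucacId, creditor, msg.sender, amount))] = true;
    }

    // Was `public` in the vulnerable shape: any account could spend the whole
    // window's budget for gas alone. `private` leaves issueCredit as the only caller.
    function executeUcacTx(bytes32 ucacId) private {
        Ucac storage u = ucacs[ucacId];
        if (block.timestamp >= u.windowStart + WINDOW) {
            u.windowStart = block.timestamp;
            u.txCount = 0;
        }
        require(u.txCount < u.stakedTokens / TOKENS_PER_TX, "UCAC tx limit reached");
        u.txCount += 1;
    }

    // The counter now moves only when an authorized transaction is recorded.
    function issueCredit(bytes32 ucacId, address debtor, uint256 amount) external {
        bytes32 key = keccak256(abi.encode(ucacId, msg.sender, debtor, amount));
        require(debtorConsent[key], "debtor has not consented");
        delete debtorConsent[key];
        executeUcacTx(ucacId);
        emit CreditIssued(ucacId, msg.sender, debtor, amount);
    }
}
```

When reviewing a contract of this shape, check that every `public` or `external` function that writes to a rate-limit counter also performs the authenticated work the counter is meant to meter.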